Ride The Lightning

Ride the Lightning: Electronic Evidence is a blog by Sharon D. Nelson, a noted author and lecturer and President of the digital forensics firm Sensei Enterprises, Inc. It was developed to share electronic evidence news, to report and reflect upon current computer forensics and electronic discovery developments and to offer a light-hearted view of electronic evidence from the trenches, where folks really do “ride the lightning.”

China Has Breached Major U.S. Law Firms
Sharon Nelson, 2016-12-08

In one sense, this story from Fortune isn't new. It was heavily reported earlier this year that a series of breaches struck large law firms in 2015, but it now appears that the breaches were far more pervasive than reported and carried out by people with ties to the Chinese government, according to evidence seen by Fortune.

The incidents involved hackers getting into the e-mail accounts of partners at well-known firms, and then relaying messages and other data from the partners' in-boxes to outside servers. In the case of one firm, the attacks took place over a 94-day period starting in March of 2015, and resulted in the hackers stealing about seven gigabytes of data. That figure would typically amount to tens or hundreds of thousands of e-mails.

The information also revealed the thefts took place in one-hour increments, and that the hackers returned repeatedly in search of new information. News of the law firm breaches appeared earlier this year when the Wall Street Journal reported that hackers had penetrated the computer networks of Cravath Swaine & Moore, Weil Gotshal & Manges and other unidentified firms.

The earlier news of the law firm breaches did not say who conducted the hacking, but Fortune obtained what it called reliable information that indicates the breaches took place as part of a larger initiative by the Chinese government. This initiative also saw the hackers target big U.S. companies, including a major airline. The 2015 attack reflected familiar patterns of hacking employed by individuals with connections to the Chinese government.

The evidence obtained by Fortune did not disclose a clear motive for the attack but did show the names of law firm partners targeted by the hackers. The practice areas of those partners include mergers and acquisitions and intellectual property, suggesting the goal of the e-mail theft may indeed have been economic in nature. This is no surprise to anyone who has been watching what is going on – economic motives loom large in hacking.

Multiple sources in law enforcement and at the law firms declined to go on record for this story (also not a surprise), but confirmed the role of China in the e-mail hacking campaign. The sources did not wish to speak publicly in part because the events are the subject of a confidential investigation. The office of the U.S. Attorney for the Southern District of New York launched the investigation earlier this year, and it is active and ongoing. A spokesperson for the office declined to comment.

The targets were numerous. In addition to the ones named by the Journal, evidence also shows the hackers tried to target other prominent law firms, including Cleary Gottlieb; Mayer Brown; Latham & Watkins; Covington & Burling; and Davis Polk & Wardwell. The hacking attempts did not always succeed, as some firms rebuffed the attacks or prevented the attackers from removing any data.

The firms chose not to comment in part because cybersecurity is a sensitive matter and, like other organizations, they do not want to draw attention to themselves—regardless of whether a breach has occurred or not. You have heard me say that many times. Firms generally get "outed" – they don't out themselves.

In the case of successful attacks, firms had deployed firewalls and other measures to guard their networks, but they failed to detect the e-mail-driven attack. Such attacks, known as "spear-phishing," target victims with personalized e-mails.

Meanwhile, there have been fresh attempts to compromise law firms with new forms of phishing attacks. Last week, for instance, New York's Attorney General, Eric Schneiderman, warned of a scam that involved sending e-mails to lawyers purporting to be from his office. Similar warnings have been issued by a number of states, as I reported yesterday.

This is my first hat tip to Jim Calloway, my co-host on the Legal Talk Network's Digital Edge podcast. Jim usually gets his cybersecurity news from me – but thanks for catching this one early, Cowboy!

And if you're still shopping for holiday tech toys, well, that's what our latest podcast highlights - complete with sound effects. Go have fun – after all, 'tis the season!

http://ridethelightning.senseient.com/2016/12/china-has-breached-major-us-law-firms.html

Bars Warn Lawyers About E-Mail Bar Complaint Scam
Sharon Nelson, 2016-12-07

On December 1st, the Virginia State Bar joined Texas, New York, Pennsylvania, Maryland and Florida in warning lawyers about an e-mail scam in which lawyers receive e-mails asking them to click on a link to get more information about a bar complaint against them.

Clicking the link could install ransomware that will encrypt the lawyer's files until a ransom is paid, usually in bitcoins.

The e-mails tend to report that a grievance has been filed against the lawyer and that they have ten days to respond. Imagine the temptation to click on a link or attachment to view the complaint.

For my fellow Virginia State Bar members, note that the VSB does not send out disciplinary notices by e-mail. And there are clues that these e-mails are fake. One common one has as its sender "The Office of the State Attorney" at com.department.com. The subject is "The Office of the State Attorney Complaint." Even worse is one whose subject is "See you in court". That one may appear to be from a lawyer you know whose account has been hacked. But none of it makes any sense unless you are reading in fear!

If you receive such a message, don't click on anything. The best advice is to delete the e-mail. For those who are fretful, call your state bar to confirm that no disciplinary action is pending and then delete it.

http://ridethelightning.senseient.com/2016/12/bars-warn-lawyers-about-e-mail-bar-complaint-scam.html

Cybersecurity School to Open at Bletchley Park
Sharon Nelson, 2016-12-06

For as long as I can remember, I have been fascinated by the work done at Bletchley Park in Britain, where the German Enigma Code was broken. So I am delighted to learn from a Naked Security post that a cybersecurity college is going to be set up at Bletchley Park to teach 16-19 year olds cybersecurity skills along with math, physics, computer science and economics.

Good news too that the college is going to be set up by a consortium of experts: BT Security, Cyber Security Challenge and The National Museum of Computing are well placed in terms of computing and cybersecurity knowledge, with partner City and Guilds providing the education and qualification expertise.

The college is to be based in G Block at Bletchley Park after a £5m ($6.2 million) restoration and will house students who board.

They really took a page from history. Most of the people who worked at Bletchley Park from when it was set up in 1939 through to the finish of the codebreaking work were young people, many of them teenagers. More than half of them were women.

Some 10,000 people worked in complete secrecy at Bletchley Park during World War II. It has been said that their work shortened the war by two years, potentially saving around 22 million lives. What better place to train future cybersecurity experts than at the home of the codebreakers?

One of my favorite movies is The Imitation Game, which is a great dramatic rendition of the work done at Bletchley. It garnered eight Oscar nominations, including Best Picture and won for the Best Adapted Screenplay. If you haven't seen it, make this a movie night. Popcorn, anyone?

http://ridethelightning.senseient.com/2016/12/cybersecurity-school-to-open-at-bletchley-park.html

G Suite Message Encryption Quick Start Guide
Sharon Nelson, 2016-12-05

There are a fair number of lawyers using G Suite (formerly Google Apps) for their law firms. With thanks to Dave Ries, Google has recently announced the availability of G Suite Message Encryption (GAME), an e-mail encryption service for G Suite customers designed by ZixCorp. GAME provides secure e-mail to G Suite users communicating outside Google's secure cloud to all other e-mail users.

G Suite customers can predefine security policies to trigger encryption of sensitive information in their outbound e-mail communication. Using ZixCorp's Best Method of Delivery, GAME provides transparent encryption between G Suite and ZixCorp customers, as well as the ability to deliver securely to anyone, anywhere and on any device.

The GAME Quick Start Guide is intended to help you purchase, set up and test your GAME service for production use. For additional information on ZixCorp's G Suite Message Encryption service, visit the GAME Resource Center.

http://ridethelightning.senseient.com/2016/12/g-suite-message-encryption-quick-start-guide.html

Every Move You Make, We’ll Be Watching You
Sharon Nelson, 2016-12-01

Every now and again, my work feels like play and I find myself chortling. Thanks to Dave Ries for turning me on to the Dutch website ClickClickClick. Make sure to turn your audio on, as the site asks you to do. You may feel a bit stoned out (a long ago sensation) by this site – so pick your moment to visit it.

As described by a Naked Security post, the point of the website is that the technology of today can track EVERY move we make and every click we take. There is quite a running audio commentary about everything you do. It teased me about logging in during working hours (hey, this is my work, buddy!). And it protested if I moved my cursor to another monitor.

Are you still there? You haven't been around for quite some time now. I'm thinking, do you still like me?

The audio commentary is made in a jaunty Dutch accent – the site was created by Dutch media company VPRO and the Amsterdam-based interactive design company Studio Moniker.

It's a simple site – a white screen with a big green button labelled "Button" in the middle – and it has a simple mission: to observe and comment on everything that visitors do on the site, in great detail, and to thereby remind visitors about just how closely our online behavior is monitored.

Subject! Stay focused! …inactive… waiting possibly for something to happen? Come on, subject. You were being so great. Do something. Moving around a lot now. Curious and energetic. Interesting.

You may be my favorite visitor.

Studio Moniker designer Roel Wouters told news.com that ClickClickClick was designed to remind people about the serious themes of big data and privacy.

There's nothing unique about ClickClickClick's tracking. What is unique is that it's upfront about it, letting us see the granularity of that tracking in an ongoing log that streams on-screen with notations including where on the screen you moved, whether you zigzagged or moved straight, how many pixels, how long you were inactive and the like. The site actually tracks the possible "achievements" you can make. I made it up to 39% before I remembered that I had paying work to do.

Unusual behavior… Subject has been gone for 10 minutes… Very slow. Boring like hell.

Go play and have fun. I did decline to let the site see me by turning on my webcam. That was just too creepy, even in my mesmerized, zoned-out state!

Thanks to friend and colleague Tina Ayiotis for submitting the following review of Locked Down: Practical Information Security for Lawyers (2nd Edition, ABA 2016). John and I also thank our co-author of the book, Dave Ries, whose expertise contributed so much to the book.

As someone who read (and reviewed) the first edition, I was delighted to find the second edition even more readable and relevant. There shouldn't be any doubt today regarding the need for lawyers to be competent about how to protect their Client's confidential information—Locked Down: Practical Information Security for Lawyers, 2nd Edition enables them to understand the basics of end-to-end information management covering (in depth, in some instances) policies, physical security, authentication, encryption, mobility, network security, remote access, cloud computing, outsourcing (3rd party vendors), social media, cyberinsurance and much more. Conveniently, the Appendices contain the most important cyber collateral (e.g., NIST Framework, relevant ABA Model Rules, Checklists, Sample Security Policies, etc.) so minimal outside resources need to be consulted to use the book as a blueprint for how to be secure.

While the book is written for lawyers (and all lawyers should read it), it is important for all professionals supporting legal services to also read it to understand the role they play in the ecosystem. For example, the chapter on Secure Disposal and Digital Copiers should put lawyers on notice that all people working for them that touch digital (or otherwise) Client information have a hand in ensuring it is properly managed/secured. This may mean hiring consultants with more in-depth knowledge to ensure devices, etc. are properly configured and data flows are mapped and managed (full-lifecycle). The chapter on The Internet of Everything drives home the point that soon absolutely everything will be "connected" making vigilance about proper information management (including information security) all the more important. The chapter on Cloud Computing provides a terrific overview of the issues to be considered (pp. 222-223 cover "reasonable care") in this context. Given how mobile everyone is today, the chapters on Networks: Wired and Wireless and Remote Access should have readers running to their own devices (including home routers) and/or their IT staff/consultants to ensure everything is appropriately configured and working.

Having read hundreds of relevant articles and books over the years, this is the best (most straightforward and appropriately detailed) book on the subject. If you remove the lawyer-specific (mostly ethical) requirements, it stands as a general book on cybersecurity for any business. Every corporate counsel should read this book, both to ensure their own house is in order and to work with all their 3rd Party legal services vendors, particularly law firms. Cybersecurity is so important that every law firm employee should be properly trained (based on their roles) and certainly every law firm IT and Records/Information Governance professional should read and live the content of the book. I stand by my October 22, 2015 prediction that when a law firm is sued by a client because of a data breach, Locked Down may one day be "entered into evidence to demonstrate the 'reasonable care' law firms should be taking with respect to security." That day may come soon.

P.S. Encryption, encryption, encryption is a mantra rightly reinforced by the authors throughout the chapters that I hope gets into (and stays) in the subconscious of every reader.

http://ridethelightning.senseient.com/2016/11/review-locked-down-practical-information-security-for-lawyers-2nd-edition.html

Drone Helps Capture Liquor Thieves in Oklahoma
Sharon Nelson, 2016-11-29

On November 28th, a local TV station reported that two men were arrested in Tulsa, Oklahoma after breaking into a business to steal two bottles of scotch. Not an unusual crime, but made unusual by the involvement of a drone which followed the men across the street from the break-in to a park where they began drinking the fruits of their crime.

An eyewitness who saw the break-in happening was talking to a drone pilot outside The Vault, where the break-in took place. So when the men took off, the drone did too. David Bell, the drone operator, generally flies his drone to get beauty shots downtown.

But on that day, his drone's live feed guided the police to the men drinking on the bench. One was arrested for public intoxication and the other for the break-in. They reportedly didn't believe that the police had been aided by a drone. But criminals probably should get used to the fact that video cameras – and now drones – may be their undoing.

The guide lays out dozens of technical standards and security principles for connected-device developers in an attempt to reduce security vulnerabilities. The publication will no doubt receive a lot of attention in the wake of the Dyn attack, in which hackers hijacked millions of Internet-connected devices in a major cyberattack on domain name service provider Dyn, which temporarily blocked access to popular websites, including Twitter and the New York Times. The attack prompted NIST to release its guide a month early.

Now we just have to convince money-hungry manufacturers that it makes economic sense to raise their prices to budget-conscious consumers who don't care a fig about security in order to make sure those consumers (and others) are secure. Oh yeah, that ought to work . . .

http://ridethelightning.senseient.com/2016/11/nist-guide-gives-security-blueprint-for-iot-device-makers.html

Apple Automatically Uploads iPhone Call Logs to iCloud Drive
Sharon Nelson, 2016-11-22

It's not a bug – it's a feature. Right? Many Apple users were not happy to learn that researchers at the Russian proactive software firm Elcomsoft found that iPhones silently upload call logs to the iCloud. According to an SC Media report, Apple automatically uploads iPhone call logs to Apple's remote servers, where the data may be stored for months with no option for the end user to entirely disable the feature on their device.

The feature is available on all devices running on iOS 9.x and 10.x and there is no official way to disable it other than to disable the iCloud Drive functionality. Elcomsoft says that disabling the feature would greatly affect the usability of the device since Apple delivers a number of features via iCloud Drive.

An individual's communication history can reveal a lot about a user's life, including sexual preferences, medical issues, infidelities, illegal activities, business dealings, and more, Tripwire Cybersecurity Researcher Craig Young told SC Media.

"Unlike the encryption employed on an iPhone's local memory storage, data stored within iCloud is encrypted in such a way that it can be retrieved with the assistance of Apple or through the use of an authentication token such as what might be stored on the device owner's computer," Young said. "A compromise of Apple's servers could therefore expose the data from a large number of users thereby enabling social engineering attacks as well as extortion schemes."

Not precisely the holiday gift we might have wanted from Apple!

Hat tip to my youngest daughter, Kim Haught, one of the many reasons I have cause to give thanks on Thanksgiving Day! Have a marvelous holiday everyone – I give thanks for all of you too - RTL will be back next week!

http://ridethelightning.senseient.com/2016/11/apple-automatically-uploads-iphone-call-logs-to-icloud-drive.html

Podcast: The Hottest Topics in E-Discovery
Sharon Nelson, 2016-11-21

Our latest Legal Talk Network Digital Detectives podcast afforded us the opportunity to talk to Doug Austin, CloudNine's Vice President of Professional Services. Doug is also the author/editor of the eDiscovery Daily Blog, one of my cherished e-discovery resources. My favorite part of the podcast was discussing the commitment it takes to blog on such a regular basis (tell me about it!) and why we both do it.

Beyond that, we chatted about the hottest topics in e-discovery, some of which include technology assisted review, e-discovery "gotchas", best practices, the impact of new ethical rules on competence, securing data during discovery and more.

Have a listen while you're recovering from all the turkey and fixings!